epoptes team mailing list archive
Message #01415
[Bug 1718227] Re: replacement of ifupdown with netplan needs integration for /etc/network/if{up, down}.d scripts
This bug was fixed in the package openssh - 1:7.9p1-1
---------------
openssh (1:7.9p1-1) unstable; urgency=medium

  * New upstream release (https://www.openssh.com/txt/release-7.9):
    - ssh(1), sshd(8): allow most port numbers to be specified using service
      names from getservbyname(3) (typically /etc/services; closes:
      #177406).
    - ssh(1): allow the IdentityAgent configuration directive to accept
      environment variable names.  This supports the use of multiple agent
      sockets without needing to use fixed paths.
    - sshd(8): support signalling sessions via the SSH protocol.  A limited
      subset of signals is supported and only for login or command sessions
      (i.e. not subsystems) that were not subject to a forced command via
      authorized_keys or sshd_config.
    - ssh(1): support "ssh -Q sig" to list supported signature options.
      Also "ssh -Q help" to show the full set of supported queries.
    - ssh(1), sshd(8): add a CASignatureAlgorithms option for the client and
      server configs to allow control over which signature formats are
      allowed for CAs to sign certificates.  For example, this allows
      banning CAs that sign certificates using the RSA-SHA1 signature
      algorithm.
    - sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to revoke
      keys specified by SHA256 hash.
    - ssh-keygen(1): allow creation of key revocation lists directly from
      base64-encoded SHA256 fingerprints.  This supports revoking keys using
      only the information contained in sshd(8) authentication log messages.
    - ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when
      attempting to load PEM private keys while using an incorrect
      passphrase.
    - sshd(8): when a channel closed message is received from a client,
      close the stderr file descriptor at the same time stdout is closed.
      This avoids stuck processes if they were waiting for stderr to close
      and were insensitive to stdin/out closing (closes: #844494).
    - ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
      forwarding timeout and support X11 forwarding indefinitely.
      Previously the behaviour of ForwardX11Timeout=0 was undefined.
    - sshd(8): when compiled with GSSAPI support, cache supported method
      OIDs regardless of whether GSSAPI authentication is enabled in the
      main section of sshd_config.  This avoids sandbox violations if GSSAPI
      authentication was later enabled in a Match block.
    - sshd(8): do not fail closed when configured with a text key revocation
      list that contains a too-short key.
    - ssh(1): treat connections with ProxyJump specified the same as ones
      with a ProxyCommand set with regards to hostname canonicalisation
      (i.e. don't try to canonicalise the hostname unless
      CanonicalizeHostname is set to 'always').
    - ssh(1): fix regression in OpenSSH 7.8 that could prevent public-key
      authentication using certificates hosted in a ssh-agent(1) or against
      sshd(8) from OpenSSH <7.8 (LP: #1790963).
    - All: support building against the openssl-1.1 API (releases 1.1.0g and
      later).  The openssl-1.0 API will remain supported at least until
      OpenSSL terminates security patch support for that API version
      (closes: #828475).
    - sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
      apparently required by some glibc/OpenSSL combinations.
  * Remove dh_builddeb override to use xz compression; this has been the
    default since dpkg 1.17.0.
  * Simplify debian/rules using /usr/share/dpkg/default.mk.
  * Remove /etc/network/if-up.d/openssh-server, as it causes more problems
    than it solves (thanks, Christian Ehrhardt, Andreas Hasenack, and David
    Britton; closes: #789532, LP: #1037738, #1674330, #1718227).  Add an
    "if-up hook removed" section to README.Debian documenting the corner
    case that may need configuration adjustments.

 -- Colin Watson <cjwatson@xxxxxxxxxx>  Sun, 21 Oct 2018 10:39:24 +0100

** Changed in: openssh (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Epoptes
Developers, which is subscribed to epoptes in Ubuntu.
https://bugs.launchpad.net/bugs/1718227
Title:
replacement of ifupdown with netplan needs integration for
/etc/network/if{up,down}.d scripts
Status in aiccu package in Ubuntu:
Invalid
Status in aoetools package in Ubuntu:
New
Status in avahi package in Ubuntu:
New
Status in bind9 package in Ubuntu:
Invalid
Status in chrony package in Ubuntu:
Fix Released
Status in clamav package in Ubuntu:
Triaged
Status in controlaula package in Ubuntu:
Invalid
Status in epoptes package in Ubuntu:
New
Status in ethtool package in Ubuntu:
Triaged
Status in guidedog package in Ubuntu:
New
Status in htpdate package in Ubuntu:
New
Status in ifenslave package in Ubuntu:
Won't Fix
Status in ifmetric package in Ubuntu:
Won't Fix
Status in ifupdown-multi package in Ubuntu:
New
Status in ifupdown-scripts-zg2 package in Ubuntu:
Invalid
Status in isatapd package in Ubuntu:
New
Status in lprng package in Ubuntu:
New
Status in miredo package in Ubuntu:
New
Status in mythtv package in Ubuntu:
New
Status in nplan package in Ubuntu:
New
Status in nss-pam-ldapd package in Ubuntu:
New
Status in ntp package in Ubuntu:
Triaged
Status in openntpd package in Ubuntu:
New
Status in openresolv package in Ubuntu:
Won't Fix
Status in openssh package in Ubuntu:
Fix Released
Status in openvpn package in Ubuntu:
New
Status in openvswitch package in Ubuntu:
Triaged
Status in postfix package in Ubuntu:
New
Status in quicktun package in Ubuntu:
New
Status in resolvconf package in Ubuntu:
New
Status in sendmail package in Ubuntu:
New
Status in shorewall-init package in Ubuntu:
New
Status in sidedoor package in Ubuntu:
New
Status in slrn package in Ubuntu:
New
Status in tinc package in Ubuntu:
New
Status in ubuntu-fan package in Ubuntu:
Fix Released
Status in ucarp package in Ubuntu:
New
Status in uml-utilities package in Ubuntu:
New
Status in uruk package in Ubuntu:
New
Status in vlan package in Ubuntu:
Won't Fix
Status in vzctl package in Ubuntu:
Triaged
Status in wide-dhcpv6 package in Ubuntu:
New
Status in wpa package in Ubuntu:
New
Bug description:
when network is configured with ifupdown, scripts in
/etc/network/ifup.d/ were called on network being brought up and
/etc/network/ifdown.d were called on network being brought down.
Any packages that shipped these hooks need to be verified to have the
same functionality under a netplan configured system.
  # binpkgs=$(apt-file search /etc/network/if-up | sed 's,: .*,,' | sort -u)
  # for i in $binpkgs; do
      src=$(apt-cache show $i | awk '$1 == "Source:" { print $2; exit(0); }');
      [ -z "$src" ] && src="$i"; echo $src; done | sort -u
aiccu
aoetools
avahi
bind9
chrony
clamav
controlaula
epoptes
ethtool
guidedog
htpdate
ifenslave
ifmetric
ifupdown-extra
ifupdown-multi
ifupdown-scripts-zg2
isatapd
lprng
miredo
mythtv-backend
nss-pam-ldapd
ntp
openntpd
openresolv
openssh
openvpn
postfix
quicktun
resolvconf
sendmail
shorewall-init
sidedoor
slrn
tinc
ubuntu-fan
ucarp
uml-utilities
uruk
vlan
vzctl
wide-dhcpv6
wpa
Related bugs:
* bug 1718227: replacement of ifupdown with netplan needs integration for /etc/network/if{up,down}.d scripts
* bug 1713803: replacement of resolvconf with systemd needs integration
* bug 1717983: replacement of isc-dhcp-client with systemd-networkd for dhclient needs integration
ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: netplan (not installed)
ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5
Uname: Linux 4.12.0-11-generic x86_64
NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
ApportVersion: 2.20.7-0ubuntu1
Architecture: amd64
CurrentDesktop: GNOME
Date: Tue Sep 19 10:53:08 2017
EcryptfsInUse: Yes
InstallationDate: Installed on 2015-07-23 (789 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20150722.1)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: plan
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aiccu/+bug/1718227/+subscriptions
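
Added example (not part of the original notification or of the OpenSSH changelog): the 7.9 changelog entry above on creating key revocation lists from the SHA256 fingerprints in sshd(8) authentication log messages, as a shell helper that extracts a user's key fingerprints from log lines and emits a KRL specification. The log lines, user names, fingerprints and file paths are constructed for illustration; the "hash:" specification line, "ssh-keygen -k" and the RevokedKeys directive are assumed to be available as in OpenSSH 7.9 and later.

```shell
#!/bin/sh
# Added example: turn sshd "Accepted publickey" log lines into a KRL spec.
# All log lines, users and fingerprints below are constructed sample data.
SAMPLE_LOG='Oct 21 10:01:02 host sshd[1201]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2: ED25519 SHA256:ConstructedSampleFingerprintForAliceKey0000
Oct 21 10:05:40 host sshd[1310]: Accepted password for bob from 192.0.2.11 port 40022 ssh2
Oct 21 10:09:13 host sshd[1377]: Accepted publickey for alice from 192.0.2.10 port 51300 ssh2: ED25519 SHA256:ConstructedSampleFingerprintForAliceKey0000
Oct 21 10:11:55 host sshd[1402]: Accepted publickey for carol from 192.0.2.12 port 60111 ssh2: RSA SHA256:ConstructedSampleFingerprintForCarolKey0000'

# krl_spec_for_user USER
# Reads sshd log lines on stdin and prints one "hash: SHA256:..." KRL
# specification line per distinct key that USER authenticated with.
krl_spec_for_user() {
    awk -v user="$1" '
    {
        fp = $NF    # the fingerprint is the last field of the message
        for (i = 1; i + 3 <= NF; i++)
            if ($i == "Accepted" && $(i + 1) == "publickey" &&
                $(i + 2) == "for" && $(i + 3) == user)
                # "SHA256:" plus 43 base64 characters is 50 characters;
                # anything else is skipped rather than written to the spec.
                if (length(fp) == 50 &&
                    fp ~ "^SHA256:[A-Za-z0-9+/]+$" && !seen[fp]++)
                    print "hash: " fp
    }'
}

# build_krl SPEC_FILE KRL_FILE
# Compiles the specification into a binary KRL (needs OpenSSH 7.9 or later
# for "hash:" lines). Defined here but not called by this example.
build_krl() {
    ssh-keygen -k -f "$2" "$1"
}

# Show the specification that would revoke every key alice logged in with.
printf '%s\n' "$SAMPLE_LOG" | krl_spec_for_user alice

# To enforce it (hypothetical file names):
#   printf '%s\n' "$SAMPLE_LOG" | krl_spec_for_user alice > revoke.spec
#   build_krl revoke.spec /etc/ssh/revoked_keys.krl
# and in sshd_config:
#   RevokedKeys /etc/ssh/revoked_keys.krl
```

Password logins carry no fingerprint and are skipped, so an account that authenticated only by password produces an empty specification.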